{"id":"CVE-2019-3560","details":"An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.","modified":"2026-04-11T09:40:02.972654Z","published":"2019-04-29T16:29:00.813Z","references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"},{"type":"WEB","url":"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"},{"type":"FIX","url":"https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebookincubator/fizz","events":[{"introduced":"0"},{"fixed":"7dca28d705fa47d0d0a4667389d00a7b692bf2f4"},{"fixed":"40bbb161e72fb609608d53b9d64c56bb961a6ee2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2019.03.04.00"}]}}],"versions":["v2018.09.24.00","v2018.10.01.00","v2018.10.08.00","v2018.10.15.00","v2018.10.22.00","v2018.10.29.00","v2018.11.05.00","v2018.11.12.00","v2018.11.19.00","v2018.11.26.00","v2018.12.03.00","v2018.12.10.00","v2018.12.17.00","v2018.12.24.00","v2018.12.31.00","v2019.01.07.00","v2019.01.14.00","v2019.01.21.00","v2019.01.28.00","v2019.02.04.00","v2019.02.11.00","v2019.02.18.00","v2019.02.25.00"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3560.json","vanir_signatures":[{"source":"https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2","digest":{"length":2017,"function_hash":"218404739379754356069635748324794749765"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-3560-0f27f8d0","signature_version":"v1","target":{"file":"fizz/record/PlaintextRecordLayer.cpp","function":"PlaintextReadRecordLayer::read"}},{"source":"https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2","digest":{"threshold":0.9,"line_hashes":["284874508492167448417475876770024785434","73827099726767433453257000164984413602","1884291685735021107780733353913913979","154503829010250883649497091671471392945","127863923093738618575146065361892343137","272542403893425600602578121969568237263"]},"signature_type":"Line","deprecated":false,"id":"CVE-2019-3560-521ba176","signature_version":"v1","target":{"file":"fizz/record/PlaintextRecordLayer.cpp"}}],"vanir_signatures_modified":"2026-04-11T09:40:02Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}